diff --git a/init/01-sysUpdate.sh b/init/01-sysUpdate.sh
index e263ac5..febca97 100644
--- a/init/01-sysUpdate.sh
+++ b/init/01-sysUpdate.sh
@@ -2,14 +2,66 @@
 # chmod +x 01-sysUpdate.sh && ./01-sysUpdate.sh
 # curl -sS -O https://gitea.tohub.top/Share/vps/raw/branch/main/init/01-sysUpdate.sh && chmod +x 01-sysUpdate.sh && ./01-sysUpdate.sh
-echo "系统更新"
+# 错误处理:任何命令失败时退出
+set -euo pipefail
+# 日志函数
+log() {
+ echo "[$(date +'%Y-%m-%d %H:%M:%S')] $*"
+}
+
+log_error() {
+ echo "[$(date +'%Y-%m-%d %H:%M:%S')] ERROR: $*" >&2
+}
+
+log "========== 开始系统更新 =========="
+
+# 检测操作系统类型
 if [ -f "/etc/debian_version" ]; then
- apt update -y && DEBIAN_FRONTEND=noninteractive apt full-upgrade -y
+ OS_TYPE="debian"
+ log "检测到 Debian/Ubuntu 系统"
+elif [ -f "/etc/redhat-release" ]; then
+ OS_TYPE="redhat"
+ log "检测到 RedHat/CentOS 系统"
+else
+ log_error "不支持的操作系统"
+ exit 1
 fi
-# 1、VPS Initialization
-apt update -y && apt upgrade -y # 更新一下包
-apt install -y wget curl sudo vim git ufw # Debian系统比较干净,安装常用的软件
-sudo usermod -aG sudo root
+# 系统更新
+log "更新软件包列表..."
+if [ "$OS_TYPE" = "debian" ]; then
+ if ! apt update -y; then
+ log_error "更新软件包列表失败"
+ exit 1
+ fi
+ log "升级系统软件包..."
+ if ! DEBIAN_FRONTEND=noninteractive apt full-upgrade -y; then
+ log_error "系统升级失败"
+ exit 1
+ fi
+
+ # 安装常用软件
+ log "安装常用软件包..."
+ PACKAGES="wget curl sudo vim git ufw"
+ for pkg in $PACKAGES; do
+ if ! dpkg -l | grep -q "^ii $pkg "; then
+ log "安装 $pkg..."
+ apt install -y "$pkg" || log_error "安装 $pkg 失败,继续..."
+ else
+ log "$pkg 已安装"
+ fi
+ done
+
+elif [ "$OS_TYPE" = "redhat" ]; then
+ if ! yum update -y; then
+ log_error "系统更新失败"
+ exit 1
+ fi
+
+ log "安装常用软件包..."
+ yum install -y wget curl sudo vim git firewalld || log_error "部分软件包安装失败"
+fi
+
+log "========== 系统更新完成 =========="
diff --git a/init/02-sysCleanup.sh b/init/02-sysCleanup.sh
index 77ddc91..7713cba 100644
--- a/init/02-sysCleanup.sh
+++ b/init/02-sysCleanup.sh
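Review bot: The installed-package test `dpkg -l | grep -q "^ii $pkg "` is unreliable under the `set -euo pipefail` added at the top of this hunk: `grep -q` exits on the first match, `dpkg -l` can then be killed by SIGPIPE, and the pipeline's non-zero status makes the `if !` branch treat an installed package as missing. The pattern also depends on the exact column spacing of `dpkg -l` output and treats the package name as a regex. Querying the status directly avoids both, `if [ "$(dpkg-query -W -f='${Status}' "$pkg" 2>/dev/null)" != "install ok installed" ]; then`. Separately, a failed install (including `ufw` or `firewalld`) is only logged and the script still reports completion with exit status 0, so a caller cannot tell that the firewall package is missing; the same `|| log_error` pattern recurs in the 02-sysCleanup.sh and 03-docker.sh hunks.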
@@ -2,13 +2,88 @@
 # chmod +x 02-sysCleanup.sh && ./02-sysCleanup.sh
 # curl -sS -O https://gitea.tohub.top/Share/vps/raw/branch/main/init/02-sysCleanup.sh && chmod +x 02-sysCleanup.sh && ./02-sysCleanup.sh
-echo "系统清理"
+# 错误处理:任何命令失败时退出
+set -euo pipefail
-apt autoremove --purge -y
-apt clean -y
-apt autoclean -y
-apt remove --purge $(dpkg -l | awk '/^rc/ {print $2}') -y
-journalctl --rotate
-journalctl --vacuum-time=1s
-journalctl --vacuum-size=50M
-apt remove --purge $(dpkg -l | awk '/^ii linux-(image|headers)-[^ ]+/{print $2}' | grep -v $(uname -r | sed 's/-.*//') | xargs) -y
+# 日志函数
+log() {
+ echo "[$(date +'%Y-%m-%d %H:%M:%S')] $*"
+}
+
+log_error() {
+ echo "[$(date +'%Y-%m-%d %H:%M:%S')] ERROR: $*" >&2
+}
+
+log "========== 开始系统清理 =========="
+
+# 检测操作系统类型
+if [ -f "/etc/debian_version" ]; then
+ OS_TYPE="debian"
+elif [ -f "/etc/redhat-release" ]; then
+ OS_TYPE="redhat"
+else
+ log_error "不支持的操作系统"
+ exit 1
+fi
+
+if [ "$OS_TYPE" = "debian" ]; then
+ # 1. 清理无用的软件包
+ log "清理不再需要的软件包..."
+ apt autoremove --purge -y || log_error "autoremove 失败"
+
+ # 2. 清理 APT 缓存
+ log "清理 APT 缓存..."
+ apt clean -y || log_error "apt clean 失败"
+ apt autoclean -y || log_error "apt autoclean 失败"
+
+ # 3. 清理已卸载但配置文件残留的包(安全检查)
+ log "清理残留的配置文件..."
+ RC_PACKAGES=$(dpkg -l | awk '/^rc/ {print $2}' || true)
+ if [ -n "$RC_PACKAGES" ]; then
+ log "找到 $(echo "$RC_PACKAGES" | wc -l) 个残留配置包"
+ echo "$RC_PACKAGES" | xargs apt remove --purge -y || log_error "清理残留配置失败"
+ else
+ log "没有残留的配置文件需要清理"
+ fi
+
+ # 4. 清理旧内核(保留当前内核和最新的一个旧内核)
+ log "清理旧内核..."
+ CURRENT_KERNEL=$(uname -r | sed 's/-generic//;s/-amd64//')
+ log "当前内核: $CURRENT_KERNEL"
+
+ # 获取所有已安装的内核
+ OLD_KERNELS=$(dpkg -l | awk '/^ii linux-(image|headers)-[0-9]/{print $2}' | grep -v "$CURRENT_KERNEL" | sort -V | head -n -1 || true)
+
+ if [ -n "$OLD_KERNELS" ]; then
+ log "发现旧内核(将保留最新的一个旧内核作为备份):"
+ echo "$OLD_KERNELS"
+ echo "$OLD_KERNELS" | xargs apt remove --purge -y || log_error "清理旧内核失败"
+ log "旧内核清理完成"
+ else
+ log "没有需要清理的旧内核"
+ fi
+
+elif [ "$OS_TYPE" = "redhat" ]; then
+ log "清理 YUM 缓存..."
+ yum clean all || log_error "yum clean 失败"
+
+ log "清理旧内核(保留最新的2个内核)..."
+ package-cleanup --oldkernels --count=2 -y || log_error "清理旧内核失败"
+fi
+
+# 5. 清理 journal 日志(保留最近 7 天或 500M)
+log "清理系统日志..."
+if command -v journalctl &> /dev/null; then
+ journalctl --rotate || log_error "日志轮转失败"
+ journalctl --vacuum-time=7d || log_error "按时间清理日志失败"
+ journalctl --vacuum-size=500M || log_error "按大小清理日志失败"
+ log "日志清理完成"
+else
+ log "journalctl 不可用,跳过日志清理"
+fi
+
+# 6. 显示清理后的磁盘使用情况
+log "========== 磁盘使用情况 =========="
+df -h / || true
+
+log "========== 系统清理完成 =========="
diff --git a/init/03-docker.sh b/init/03-docker.sh
index 454919d..86f8cc0 100644
--- a/init/03-docker.sh
+++ b/init/03-docker.sh
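Review bot: The old-kernel selection in step 4 keeps one package name, not one kernel version: `sort -V | head -n -1` runs over a mixed list of `linux-image-*` and `linux-headers-*` names, so only the last-sorting entry survives and the headers that belong to the kept image are purged. "Old" here also just means "not the running kernel", so a newer kernel installed by an earlier upgrade but not yet booted lands in the same list, which is not what the step's comment (keep the current kernel and the newest old one) describes. `grep -v "$CURRENT_KERNEL"` additionally treats the version string as a regex; `grep -vF -- "$CURRENT_KERNEL"` matches it literally. Since `apt autoremove --purge -y` in step 1 already applies apt's own kernel-retention rules on current Debian/Ubuntu releases, consider dropping step 4, or selecting by version and leaving the final `apt remove --purge -y` to an operator who has seen the printed list.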
@@ -2,30 +2,166 @@
 # chmod +x 03-docker.sh && ./03-docker.sh
 # curl -sS -O https://gitea.tohub.top/Share/vps/raw/branch/main/init/03-docker.sh && chmod +x 03-docker.sh && ./03-docker.sh
-echo "初始化vps"
+# 错误处理:任何命令失败时退出
+set -euo pipefail
-# 检查 Docker 是否已安装
-if ! command -v docker &> /dev/null; then
- # 如果 Docker 未安装,则安装它
- echo "安装 Docker..."
- curl -fsSL https://get.docker.com | sudo sh
+# 日志函数
+log() {
+ echo "[$(date +'%Y-%m-%d %H:%M:%S')] $*"
+}
+
+log_error() {
+ echo "[$(date +'%Y-%m-%d %H:%M:%S')] ERROR: $*" >&2
+}
+
+log "========== 开始 Docker 安装 =========="
+
+# 检测操作系统类型
+if [ -f "/etc/debian_version" ]; then
+ OS_TYPE="debian"
+ log "检测到 Debian/Ubuntu 系统"
+elif [ -f "/etc/redhat-release" ]; then
+ OS_TYPE="redhat"
+ log "检测到 RedHat/CentOS 系统"
 else
- echo "Docker 已经安装."
+ log_error "不支持的操作系统"
+ exit 1
 fi
+# 安装 Docker
+if ! command -v docker &> /dev/null; then
+ log "Docker 未安装,开始安装..."
+
+ # 下载 Docker 安装脚本
+ log "下载 Docker 官方安装脚本..."
+ DOCKER_SCRIPT="/tmp/get-docker.sh"
+
+ # 使用重试机制下载
+ MAX_RETRIES=3
+ RETRY_COUNT=0
+ while [ $RETRY_COUNT -lt $MAX_RETRIES ]; do
+ if curl -fsSL https://get.docker.com -o "$DOCKER_SCRIPT"; then
+ log "安装脚本下载成功"
+ break
+ else
+ RETRY_COUNT=$((RETRY_COUNT + 1))
+ if [ $RETRY_COUNT -lt $MAX_RETRIES ]; then
+ log "下载失败,${RETRY_COUNT}/$MAX_RETRIES,5秒后重试..."
+ sleep 5
+ else
+ log_error "下载 Docker 安装脚本失败,已重试 $MAX_RETRIES 次"
+ exit 1
+ fi
+ fi
+ done
+
+ # 显示脚本内容供审查(可选,生产环境可注释)
+ log "安装脚本 SHA256: $(sha256sum "$DOCKER_SCRIPT" | awk '{print $1}')"
+
+ # 执行安装
+ log "执行 Docker 安装..."
+ if sh "$DOCKER_SCRIPT"; then
+ log "Docker 安装成功"
+ rm -f "$DOCKER_SCRIPT"
+ else
+ log_error "Docker 安装失败"
+ rm -f "$DOCKER_SCRIPT"
+ exit 1
+ fi
+
+ # 启动 Docker 服务
+ log "启动 Docker 服务..."
+ systemctl enable docker || log_error "无法启用 Docker 服务"
+ systemctl start docker || log_error "无法启动 Docker 服务"
+
+ # 配置当前用户到 docker 组(如果不是 root)
+ if [ "$EUID" -ne 0 ] && [ -n "${SUDO_USER:-}" ]; then
+ log "将用户 $SUDO_USER 添加到 docker 组..."
+ usermod -aG docker "$SUDO_USER" || log_error "添加用户到 docker 组失败"
+ log "注意: 用户需要重新登录才能生效"
+ fi
+else
+ log "Docker 已安装"
+fi
+
+# 显示 Docker 版本
+log "Docker 版本信息:"
+docker --version || log_error "无法获取 Docker 版本"
+
 # 安装 Docker Compose
+COMPOSE_VERSION="v2.24.5" # 指定稳定版本,可根据需要更新
 if ! command -v docker-compose &> /dev/null; then
- # 如果 Docker Compose 未安装,则安装它
- echo "安装 Docker Compose..."
- #apt install -y docker-compose
- curl -L "https://github.com/docker/compose/releases/latest/download/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
- chmod +x /usr/local/bin/docker-compose
+ log "Docker Compose 未安装,开始安装 (版本: $COMPOSE_VERSION)..."
+
+ # 检测系统架构
+ ARCH=$(uname -m)
+ case $ARCH in
+ x86_64)
+ ARCH="x86_64"
+ ;;
+ aarch64|arm64)
+ ARCH="aarch64"
+ ;;
+ armv7l)
+ ARCH="armv7"
+ ;;
+ *)
+ log_error "不支持的架构: $ARCH"
+ exit 1
+ ;;
+ esac
+
+ # 下载 Docker Compose
+ COMPOSE_URL="https://github.com/docker/compose/releases/download/${COMPOSE_VERSION}/docker-compose-linux-${ARCH}"
+ COMPOSE_PATH="/usr/local/bin/docker-compose"
+
+ log "下载 Docker Compose from $COMPOSE_URL..."
+ MAX_RETRIES=3
+ RETRY_COUNT=0
+ while [ $RETRY_COUNT -lt $MAX_RETRIES ]; do
+ if curl -L "$COMPOSE_URL" -o "$COMPOSE_PATH"; then
+ log "Docker Compose 下载成功"
+ break
+ else
+ RETRY_COUNT=$((RETRY_COUNT + 1))
+ if [ $RETRY_COUNT -lt $MAX_RETRIES ]; then
+ log "下载失败,${RETRY_COUNT}/$MAX_RETRIES,5秒后重试..."
+ sleep 5
+ else
+ log_error "下载 Docker Compose 失败,已重试 $MAX_RETRIES 次"
+ exit 1
+ fi
+ fi
+ done
+
+ # 设置执行权限
+ chmod +x "$COMPOSE_PATH" || log_error "设置 Docker Compose 执行权限失败"
+
+ # 验证安装
+ if docker-compose --version &> /dev/null; then
+ log "Docker Compose 安装成功"
+ else
+ log_error "Docker Compose 安装失败"
+ exit 1
+ fi
 else
- echo "Docker Compose 已经安装."
+ log "Docker Compose 已安装"
 fi
-echo "------------------------"
-echo "Docker的版本"
-docker --version
-docker-compose --version
-echo "------------------------"
+# 显示版本信息
+log "========== 安装完成 =========="
+log "Docker 版本:"
+docker --version || true
+log "Docker Compose 版本:"
+docker-compose --version || true
+log "========================================="
+
+# 验证 Docker 运行状态
+if systemctl is-active --quiet docker; then
+ log "Docker 服务正在运行"
+else
+ log_error "Docker 服务未运行"
+ exit 1
+fi
+
+log "========== Docker 安装配置完成 =========="
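Review bot: The Compose download writes straight to `/usr/local/bin/docker-compose` with `curl -L` and no `-f`, so an HTTP error body is stored and made executable as if it were the binary, and nothing compares the file with a known digest even though `COMPOSE_VERSION` is pinned. The Docker installer has the same gap: it is fetched to the fixed path `/tmp/get-docker.sh` in a world-writable directory and run as root, and its SHA256 is only logged, never checked. Download to a `mktemp` file, verify it, and only then install it; for the installer, `DOCKER_SCRIPT=$(mktemp)` removes the predictable name. The digest in the excerpt below is a placeholder to be filled from the release's published checksums, one value per supported architecture.

```shell
# … unchanged: architecture detection, COMPOSE_URL, COMPOSE_PATH …
COMPOSE_SHA256="<pinned sha256 of the ${COMPOSE_VERSION} binary for this architecture>"
COMPOSE_TMP=$(mktemp)
trap 'rm -f -- "$COMPOSE_TMP"' EXIT

# … unchanged: retry loop, except for the download line …
  if curl -fsSL "$COMPOSE_URL" -o "$COMPOSE_TMP"; then
# … unchanged: rest of the retry loop …

# Refuse to install anything that does not match the pinned digest.
if ! printf '%s  %s\n' "$COMPOSE_SHA256" "$COMPOSE_TMP" | sha256sum -c --status -; then
  log_error "Docker Compose 校验和不匹配"
  exit 1
fi
install -m 0755 "$COMPOSE_TMP" "$COMPOSE_PATH"
```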